ietf-openpgp
[Top] [All Lists]

Re: Cleartext Signatures

2005-10-12 02:44:22

David Shaw wrote:
On Mon, Oct 10, 2005 at 06:58:03PM +0100, Ben Laurie wrote:

Daniel A. Nagy wrote:

On Mon, Oct 10, 2005 at 03:30:29PM +0100, Ben Laurie wrote:



That mantra has shown to be a less than great idea recently, since it promotes interestingly obscure security holes, so I still would like to know what the correct behaviour is, and I'd like the I-D to accurately document that behaviour.


In that case, the empty line should be mandated,

I agree.


As do I, but it seems to me that it is already mandated.  Section 6.2
(Forming ASCII Armor) mandates the line.  Section 7 (Cleartext
signature framework) refers to "The ASCII armored signature(s)".
Doesn't it them follow that the armored signature (like all armor)
mandates the line?  Am I reading into something that isn't there?

I guess careful reading supports this, but the fact that it explicitly mentions Header and Tail Lines but _not_ the headers is confusing.

Also, it seems quite a few implementations miss them out, so I'm not the only confused one.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

<Prev in Thread] Current Thread [Next in Thread>